Lucene search
Veracode Vulnerability DatabaseVERACODE:33764HistoryJan 19, 2022 - 9:48 a.m.
Account Takeover
2022-01-1909:48:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
34.1%
umbracocms is vulnerable to account takeover. The use of ApplicationUrl in ConstructCallbackUrl to build a URL pointing back to the site allows an attacker to poison password reset URLs and perform account take over.
| CPE | Name | Operator | Version |
|---|---|---|---|
| umbracocms | le | 8.17.1 | |
| umbracocms.core | le | 8.17.1 | |
| umbracocms | le | 8.17.1 | |
| umbracocms.core | le | 8.17.1 |
Related
prion
prion
Default credentials
2022-01-18 17:15:00
Design/Logic Flaw
2022-01-18 17:15:00
cvelist
cvelist
CVE-2022-22690 Umbraco Remote ApplicationURL Overwrite
2022-01-18 00:00:00
CVE-2022-22691 Umbraco Password Reset URL Poison
2022-01-18 00:00:00
github
github
Umbraco ApplicationURL Overwrite
2022-01-21 23:34:24
Umbraco Persistent Password Reset Poison
2022-01-21 23:34:27
cve
cve
CVE-2022-22690
2022-01-18 17:15:10
CVE-2022-22691
2022-01-18 17:15:10
nvd
nvd
CVE-2022-22690
2022-01-18 17:15:10
CVE-2022-22691
2022-01-18 17:15:10
osv
osv
CVE-2022-22691
2022-01-18 17:15:10
Umbraco Persistent Password Reset Poison
2022-01-21 23:34:27
CVE-2022-22690
2022-01-18 17:15:10